Snort mailing list archives
RE: Snort hardware issues
From: agetchel () kde state ky us
Date: Wed, 13 Jun 2001 16:09:36 -0400
Hi Paul,

Snort is not multithreaded and will not be multithreaded (according to the developers), so it _will not_ take advantage of multiple processors. There is no portable threading library that would allow Snort to be ported to the numerous OS's it currently runs on, so the decision was made to keep portability as a trade-off for SMP capabilities. IMHO, this is a good thing.

The load the system is under _could_ have something to do with the unresponsiveness of the system, but it shouldn't be so loaded that it can't respond to ICMP traffic. Something else seems to be the issue here...

Thanks,
Abe

Abe L. Getchell - Security Engineer
Division of System Support Services
Kentucky Department of Education
Voice 502-564-2020x225
E-mail agetchel () kde state ky us
Web http://www.kde.state.ky.us/

-----Original Message-----
From: Sheahan, Paul (PCLN-NW) [mailto:Paul.Sheahan () priceline com]
Sent: Wednesday, June 13, 2001 3:48 PM
To: 'Snort-users () lists sourceforge net'
Subject: [Snort-users] Snort hardware issues

I have a couple of technical hardware questions related to Snort that I was hoping someone could answer?

1. I am running a Snort server on a Compaq DL360 running Red Hat Linux 7.0. The DL360 has 2 CPU's which don't seem to be getting utilized by Snort. Does Snort support using 2 CPU's? When I use the TOP command, it shows one CPU as pegged at 99.8% utilization, then the 99.8% jumps over to the 2nd CPU and the first CPU becomes idle. The utilization pegs on both CPUs back and forth. Is this normal? Can this be throttled somehow so I can get in and manage the box easier without it being so sluggish?

2. Also I have 2 NICs in the box, one is used for gathering the data (it is on a spanned port on a switch) and the other NIC I use for management. Every time I try and log in, the server does NOT respond. If I do a traceroute on both interfaces they don't respond for maybe 10 or 20 traces, then they pop up. Then I QUICKLY open an ssh session and I'm in from there. If I do an IFCONFIG, the 2nd NIC I plan to use for management shows NO activity, though it is active and I can log in through it. Something definitely wrong here. I wonder if the pegged CPU utilization has something to do with the lack of response? I can't think of a reason why the 2nd NIC would have no activity though.

Any technical gurus out there that might have some ideas?

Thanks!
Paul

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort hardware issues Sheahan, Paul (PCLN-NW) (Jun 13)
- Re: Snort hardware issues Erek Adams (Jun 13)
- <Possible follow-ups>
- RE: Snort hardware issues agetchel (Jun 13)